Since Algeria severed diplomatic ties with Morocco in 2021, tensions between the two neighbors have largely remained confined to the diplomatic arena. However, with the increasing digitization of their economies, these conflicts have begun to spill over into the cyber domain. Recently, Algerian hacktivists leaked data from Morocco’s National Social Security Fund (CNSS), followed by Moroccan hacktivists retaliating by leaking data from Algeria’s MGPTT.
Since 2021, Algeria and Morocco have faced a deepening diplomatic crisis centered on the Western Sahara conflict. Tensions in the region threaten to escalate into direct confrontation, with Morocco’s ties to Israel—further strained by the Israel-Hamas war in Gaza—adding significant friction.
While mutual restraint and U.S. diplomatic pressure have so far prevented open conflict, rising risks could destabilize the situation. These include an intensifying arms race, a growing shadow cyberwar involving targeted cyberattacks, online misinformation and propaganda campaigns, increasing militancy among Western Sahara’s pro-independence Polisario Front youth, and potential shifts in U.S. policy under a new administration.
In 2020, Morocco normalized relations with Israel, pursuing military cooperation, which Algeria perceived as a threat to its national security, particularly amid other regional developments. The primary flashpoint, however, remains Western Sahara, where Morocco claims sovereignty, while Algeria supports the pro-independence Polisario Front.
Since 2020, both nations have adopted more assertive foreign policies. Under King Mohammed VI, Morocco has bolstered its regional influence, particularly through its control over Western Sahara, and expanded global ties. Conversely, Algeria’s regional clout waned after President Abdelaziz Bouteflika’s 2013 stroke and the 2019–2021 pro-democracy protests, which focused authorities on domestic stability. However, since President Abdelmadjid Tebboune’s 2019 election, Algeria has sought to reclaim its prominence in North African and Sahelian affairs.
This rivalry has fueled significant tensions. Morocco’s 2020 normalization with Israel provoked Algeria, which suspected of a plot against its interests. Tensions escalated further due to Morocco’s support for self-determination in Algeria’s Kabylia region and the alleged use of Israeli Pegasus spyware against Algerian officials. In August 2021, Israeli Foreign Minister Yair Lapid’s accusations of Algerian meddling in the Sahel, made during a visit to Rabat, prompted Algiers to sever diplomatic ties with Morocco. Subsequent incidents, including arms and the spread of online disinformation, have intensified the dispute.
In Western Sahara, the Polisario Front renounced a 30-year ceasefire in 2020, reigniting conflict with Morocco in a war of attrition. This has strained the UN mission in Western Sahara (MINURSO), operational since 1991. In 2022 and 2023, the mission faced potential withdrawal, which could have brought Moroccan and Algerian forces into direct confrontation, risking a broader conflict. U.S. intervention preserved the mission, temporarily easing tensions.
External actors have played varied roles. The Biden administration engaged Algeria, Morocco, and the Polisario to prevent escalation, while European governments have struggled to balance relations with both nations. Spain and France, initially neutral, ultimately supported Morocco’s Western Sahara position, alienating Algeria. The EU has sought to protect its ties with Morocco amid legal disputes over Western Sahara at the European Court of Justice while maintaining outreach to Algeria with limited success.
The rivalry has extended across North and sub-Saharan Africa. Morocco has capitalized on Algeria’s reduced Sahel influence, proposing a motorway linking the region to Moroccan-controlled Western Sahara. Algeria countered with a proposed North African alliance including Libya and Tunisia, excluding Morocco. At the African Union, their tensions have occasionally disrupted institutional functions.
Despite mutual restraint and U.S. mediation, the risk of conflict persists. In Western Sahara, both sides have tacitly agreed to rules protecting civilians and the UN mission, guided partly by international law. However, risks to this fragile status quo include growing militancy among Polisario activists, the ongoing arms race, inflammatory online rhetoric, shadow war in cyberspace, and potential shifts in U.S. policy under a new Trump administration.
Cyber incidents have escalated over time, targeting critical government infrastructure, media, and sensitive data, often in retaliation for political developments or perceived provocations.
During our investigation, our researchers discovered multiple credentials belonging to telecom organisations that were leaked by hacker groups on underground forums. Recent cyberattacks, including the breach of Morocco’s CNSS, have compromised sensitive data and eroded public trust in government systems. These incidents, fuelled by geopolitical tensions, have disrupted regional business stability and pose a risk of further escalation.
On April 10, 2025, a new cyber group named “Tunisian RootStorm” emerged, establishing a dedicated Telegram channel to coordinate cyberattacks against the Moroccan government and business entities. The group announced that their actions were in retaliation for alleged disruptions by Moroccan hacktivists targeting Tunisia’s cyberspace. Following this declaration, Tunisian RootStorm launched multiple attacks on the Moroccan government and individual websites, resulting in data breaches. The group not only leaked sensitive information but also disclosed contact emails and phone numbers of Moroccan officials and ministers.
On April 11, 2025, the same Tunisian group announced via their Telegram channel that they had compromised MT Cash, a mobile payment service operated by Maroc Telecom. The group claimed to have leaked over 450 MB of data on their Telegram channel. The leaked data reportedly included JSON files, website configurations, and other resources necessary for constructing the website.
Further investigation revealed that the allegedly leaked data was already publicly accessible and indexed. Such tactics are often employed by hacktivists to gain attention and instill fear among the general public.
The conflict over Western Sahara has been a significant point of contention between Morocco and Algeria. Algeria’s support for the Polisario Front, which seeks independence for Western Sahara, contrasts sharply with Morocco’s claim over the territory.
For instance, the recent breach of Morocco’s National Social Security Fund (CNSS) was claimed by a hacker citing retaliation against Moroccan “harassment” of Algeria on social media platforms.
On April 8, 2025, a user claimed responsibility for a major breach targeting Morocco’s National Social Security Fund (CNSS), resulting in the unauthorized exposure of sensitive data pertaining to both individuals and businesses in Morocco.
The compromised data, reportedly stored in unencrypted formats on vulnerable servers, was left openly accessible, enabling unauthorized retrieval. This breach impacts thousands of Moroccan workers and companies, revealing confidential financial information such as salary records and other private details.
The stolen data was shared on BreachForums. While the hacker denied links to any organized group, the breach appears to carry a political motive. The attackers alleged that the cyberattack was a reaction to perceived Moroccan “harassment” of Algeria on social media.
On April 8, 2025, a cyber group named “Oursec” initiated a series of attacks targeting Moroccan government institutions. The group publicly released data on its Telegram channel, which included personal information, such as names, addresses, phone numbers, emails, and other sensitive details. These actions are part of a broader trend of escalating cyber threats against Morocco, often linked to geopolitical tensions in the region.
In response to the CNSS breach, Moroccan hacker groups, including “Phantom Atlas” and “Moroccan Cyber Forces,” launched counterattacks on April 10, 2025. They breached Algeria’s Social Security Fund for Postal and Telecommunications Workers (MGPTT), leaking 13–20 GB of sensitive data, including ID numbers and administrative documents. They also claimed to have accessed Algeria’s Ministry of Labor systems.
Another Moroccan hacktivist group, known as Evil Morocco, claimed on their Telegram channel on April 12, 2025, to have hacked a university website and leaked its data. Following past trends, hacktivists often target educational institutions and government websites, which typically have mid to low-tier security measures.
The cyber conflict has escalated beyond individual hacktivist groups from the two countries attacking each other. Alliances have been formed, such as Algerian hacktivists teaming up with Pakistani groups, while Moroccan groups receive support from Russian hacktivists. These alliances bring their own tools and enhance technical capabilities, significantly increasing the threat to the cybersecurity landscapes of both nations.
The list remains evolving, as hacktivist channels primarily utilize Telegram for their operations. However, many channels are frequently banned and do not return, while others re-emerge under different names, making it challenging to maintain a comprehensive overview of their activities.
Hacktivists Attacking Morocco
Hacktivists Attacking Algeria
The Algeria-Morocco tensions have fueled a significant cyber fallout, characterized by escalating attacks on government institutions, data leaks, and media-driven provocations. These incidents, rooted in the Western Sahara dispute and broader regional rivalries, highlight the growing role of cyber warfare in geopolitical conflicts. While both sides have avoided open military confrontation, the cyber domain has become a new frontline, with risks of further escalation if critical infrastructure is targeted. International intervention and stronger cybersecurity measures are critical to mitigating this digital shadow war.
